Action Alert: Tell California to Investigate Sony's DRM

The discovery of dangerous software installed on Sony BMG CDs
in the name of digital rights management (DRM) has sparked
global outrage. Numerous lawsuits have been filed, including
one by EFF.

But Sony BMG is not only in trouble with customers and
artists over its DRM scandal. Sony BMG has also run afoul of
various state consumer protection laws. In Texas, the
Attorney General is pursuing a case against the company under
that state's anti-spyware legislation. New York's Elliot
Spitzer is said to be considering action after uncovering
that Sony did not do an adequate job of recalling infected
CDs from that state, calling Sony's dithering "unacceptable."

Here in California, our Attorney General has not yet taken
action against Sony BMG. The Attorney General's Office says
that they've not heard many complaints from disgruntled
California citizens.

Hmm. Are any of you out there? Are any of you mad about what
Sony BMG is doing to your computers? We thought so.

California's Attorney General takes complaints from members
of the public online. You don't need to have bought an
infected Sony BMG CD. Just let the Attorney General's office
know that you're upset with what Sony BMG did, that you think
what they did harmed Californian consumers, and that you
think the company's practices should be investigated.

Be sure to let the Attorney General's office know if:

* You bought an XCP CD, and you're angry it installed a
rootkit on your machine and made it vulnerable to compromise
by other malicious software.

* You bought a SunComm MediaMax CD, and you're mad that it
breaches your privacy by calling home and that it installs
files without your permission, before you even click on an
agreement.

* You bought either type of CD and want to complain that
Sony BMG's EULA tricked you into agreeing to outrageous
conditions to which no reasonable person would agree (such as
the requirement to give up ownership of your music in the
event of bankruptcy).

* You're a music fan who has noticed that weeks after Sony
first heard of the problems with its software, its dangerous
CDs are still on the shelves--even after the company publicly
announced a mass recall.

After you've filled in the consumer complaints form, mail us
at sonydrm@eff.org and let us know what you told the AG. We'd
like to know how you feel about Sony BMG's actions--and the
company's continuing inaction.

North Carolina Illegally Certifies Diebold E-voting System

Board of Elections Ignores Rules to Escrow Code, Identify
Programmers

Raleigh, North Carolina - The North Carolina Board of
Elections certified Diebold Election Systems to sell
electronic voting equipment in the state Thursday, despite
Diebold's repeated admission that it could not comply with
North Carolina's tough election law. The Electronic
Frontier Foundation (EFF) believes that this raises important
questions about the Board of Elections'procedures as well as
the integrity of Diebold's bid for certification.

In all, three companies were certified for e-voting in
North Carolina: Diebold, Sequoia Voting Systems, and Election
Systems & Software. However, Keith Long, an advisor to the
Board of Elections who was formerly employed by both Diebold
and Sequoia, has said that "none of them" could meet the
statutory requirement to place their system code in escrow.
Instead of rejecting all applications and issuing a new call
for bids as required by law, the Board chose to approve all
of the applicants.

"The Board of Elections has simply flouted the law," said
EFF Staff Attorney Matt Zimmerman. "In August, the state
passed tough new rules designed to ensure transparency in the
election process, and the Board simply decided to take it
upon itself to overrule the legislature. The Board's job is
to protect voters, not corporations who want to obtain multi-
million dollar contracts with the state."

Last month, Diebold obtained a broad temporary restraining
order that allowed it to evade key transparency requirements
without criminal or civil liability. The law requires escrow
of the source code for all voting systems to be certified in
the state and identification of programmers. Diebold claimed
that it could not comply because of its reliance on third-
party software.

Monday, responding to EFF's arguments, a judge dismissed
Diebold's request for broad exemptions to the law and told
Diebold that if it wanted to continue in its certification
bid, it must follow the law or face liability. Diebold had
told the court that it would likely withdraw from the bidding
process if it was not granted liability protection. But
instead, Diebold went forward with the certification bid.

Diebold's certification now means it is permitted to sell e-
voting equipment in North Carolina. But Zimmerman says that
any county that buys from Diebold is taking a risk.

"If Diebold's certification is revoked, counties using its
equipment could be left holding a very expensive bag,"
Zimmerman said.

Despite Long's assertion, at least one Diebold competitor--
Nebraska-based Election Systems & Software--has publicly
stated that it is capable of meeting the escrow requirement
for the code used it its system.

DMCA Triennial Rulemaking: Failing Consumers Completely

EFF Bows Out of Broken Process

San Francisco - The Electronic Frontier Foundation (EFF)
released a report entitled "DMCA Triennial Rulemaking:
Failing the Digital Consumer," describing why the third
triennial DMCA rulemaking, currently underway before the U.S.
Copyright Office, does not effectively address the concerns
of American digital media consumers. In light of the
shortcomings of the DMCA rulemaking procedure, EFF did not
propose any DMCA exemptions for the 2006-2009 triennial
rulemaking period.

Digital media consumers are finding themselves increasingly
hemmed in by "digital rights management" (DRM) restrictions
on digital music, movies, video games, and software. The
Digital Millennium Copyright Act of 1998 (DMCA) generally
prohibits consumers from circumventing DRM mechanisms that
control access to DVDs, CDs, and other digital media
products. In an effort to ensure that these DRM mechanisms
would not impede lawful uses of copyrighted works, however,
Congress included what it described as a "fail-safe"
mechanism in the DMCA rulemaking proceeding to be held every
three years by the Copyright Office. The law delegates to the
Copyright Office and Librarian of Congress the power to grant
three-year exemptions to the DMCA's prohibition on
circumventing DRM restrictions where the restrictions would
otherwise encroach on lawful uses of copyrighted works.

EFF has participated in each of the two prior rulemakings in
2000 and 2003, each time asking the Copyright Office to
create exemptions for perfectly lawful consumer uses for
digital media that are encumbered by DRM. The Copyright
Office has rejected all of EFF's previous proposals.

Based on its prior experience with the rulemaking procedure,
as well as the increasing pervasiveness of DRM restrictions
on digital media products, EFF has concluded that the
triennial rulemaking does not effectively address the
concerns of digital media consumers. Instead, EFF's report
calls on Congress to take legislative action to reform and
repair the DMCA rulemaking process.

"When the Copyright Office is unwilling to grant a DMCA
exemption that would allow consumers to play copy-protected
CDs on their computers, you know the rulemaking process is
failing digital media consumers," said Fred von Lohmann,
Senior Staff Attorney with EFF. "In the wake of the Sony
BMG DRM debacle, it's time for Congress get involved on
behalf of American consumers."

Smart Card Research Threatened in DirecTV Case

EFF Fights Heavy-Handed Tactics From Satellite TV Giant

San Francisco - The Electronic Frontier Foundation (EFF) and
the Center for Internet and Society Cyberlaw Clinic at
Stanford University Law School filed an amicus brief in the
Ninth Circuit Court of Appeals Wednesday, asking judges to
protect legitimate researchers from the heavy-handed tactics
of the DirecTV Group, Inc., a worldwide provider of digital
television entertainment, broadband satellite networks and
services, and global video and data broadcasting.

Federal law makes it illegal to intercept satellite TV
signals without authorization and also bans modifying or
assembling interception tools for sale or distribution. In
the case before the Ninth Circuit, DirecTV claims that it can
sue individuals for both interception of its signal as well
as modification of receiving equipment in cases where altered
smart cards are simply inserted into standard television
equipment. DirecTV claims that inserting a smart card into
preexisting television equipment constitutes "assembling" a
pirate device. The amicus brief claims that DirecTV is
overreaching and also points out that legitimate security
researchers would be threatened under the proposed misreading
of the law. A lower court has already ruled that DirecTV
cannot sue on this theory and dismissed DirecTV's attempt to
"double-dip" by punishing individuals twice for a single
offense.

"Researchers are constantly assembling, modifying, and
building smart card components in furtherance of scientific
knowledge and innovation," said EFF Staff Attorney Jason
Schultz. "Congress clearly meant to exclude these beneficial
activities from any legal liability. The court below
understood this, and we hope the Appeals Court agrees."

Over the past few years, DirecTV has orchestrated a
nationwide legal campaign against hundreds of thousands of
individuals, claiming that they were illegally intercepting
its satellite TV signal. The company began its crusade by
raiding smart card device distributors to obtain their
customer lists, then sent over 170,000 demand letters to
customers and eventually filed more than 24,000 federal
lawsuits against them. Because DirecTV made little effort to
distinguish legal uses of smart card technology from illegal
ones, EFF and the Cyberlaw Clinic received hundreds of calls
and emails from panicked device purchasers. We worked with
DirecTV to get them to limit their lawsuits to only those
people they could prove were illegally receiving their
signal. The two groups co-sponsor a website at
www.directvdefense.org to help people defend themselves.

TSA Would Allow Sharp Objects on Airliners
Note that internal studies show half of the Department of
Security Theater staff's screening time is spent searching
for cigarette lighters.http://www.eff.org/cgi/tiny?urlID=536

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent the
views of EFF. To reproduce signed articles individually,
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.